Router firewall help

Discussion in 'other firewalls' started by Dalesman, Mar 24, 2008.

Thread Status:
Not open for further replies.
  1. Dalesman

    Dalesman Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    1
    Hi, as a newbie silver haired surfer new to the world of routers I would appreciate any help from members regarding a firewall issue. I have recently received a Siemens Gigaset 587 router from Tiscali UK, this is hard wired to my one and only single desktop PC running Win XP protected by Online Armor firewall. On checking it's stealth at Shields Up I was concerned to discover the common port check showed only two stealthed ports the rest being only closed, and not stealthed as was the case with the Thompson Speed touch 330 Modem.
    The all Service port check showed some closed but most were indeed stealthed, as opposed to all with the Speedtouch modem. n re running the check as suggested it would seem that the firewall did in fact learn and I got a passed result for both port tests. This was fine until I re tested on another occasion when I got the previous fail results once again.
    I have also tested it using both Zone Alarm and Comodo firewalls, each one of course after un installing the other firewall, and once again I got a fail result. I also got similar results on the Hackerwatch site. However if I then disable the inbuilt Siemens firewall and re test using only my Online Armor firewall I then get all ports showing stealth however I do get a ping result showing on the common port check.
    I would appreciate any help or re assurance members can give me regarding this issue and hopefully put my mind at rest that it is OK to disable the Siemens router and let my Online Armor firewall take care of things.
    I should add my only reason for using the Siemens router is since my migration to Tiscali from Virgin is that the Thompson 330 now seems to hang on boot up, and as a result I get the no dial tone error message, and from time to time also my user name and password are not registered at this domain.
    On running Dr. Speedtouch this also indicates my user name and password are incorrect, when in fact they are, as after a short delay I do get on line. As only the inbuilt modem is shown in phone and modems, and not the Thompson modem I am therefore unable to locate the wait for dial tone box, in order to correct this issue. Finally my apologies for this somewhat long winded and not very technical posting, as it gets harder as you get older :)
     
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Dalesman,

    Chances are the shieldsuP test is testing your router, not your firewall.

    MIke
     
  3. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    You need to fully stealth your router.
     
  4. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Why do you say so, is this your personal view? Hasn't this "stealth" hype been brought down to earth already?

    It is OK. I (personally) would certainly do so as I prefer to use a firewall of my choice instead of imposed one on a router. I know many here will disagree, but atm I can't think of a single reason why.
    Regarding OA, I would first check with MikeNash what kind of SPI is there in OA now. If the proper TCP SPI (instead of state table) is implemented, I would by all means use that instead of router's firewall.
     
  5. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Brought down to Earth? I set my hardware firewall up to fully stealthed and block echo pings so I can pass the Shileds Up test without the need for any software firewall. A hardware firewall should be your first line of defense.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    There may be an option in your router configuration to "disable response to ping". You may also want to consider turning off UPnP. See what options are available in the router settings.
     
  7. wat0114

    wat0114 Guest

    Hi Dalesman,

    closed status on firewall ports is perfectly fine. Psychologically, stealth can "feel" better, but it is not at all necessary. Responding to pings (echo reply) is no big deal either.
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I understand this, but I would be much curious as to why do you do this. Is it improving your defenses somehow? If yes, how exactly. Or could it simply be that the "test-passing" frenzy (the "green lights" syndrome) befell upon you?

    IMO a common sense (including knowledge, common sense in itself is not enough) is your first line of defense. Firewalls are just as good as are the persons behind them. As for their placement, it does not matter if an inbound filter is on a router's hardware or on PC's. afaik, a hardware firewall is a software as well, and as I see it the one I did not ask for. No thank you, I will "roll" my own.


    There is a general problem with Steve Gibson's site and many other online or offline tests (leaks i.e.) for that matter. It can give some living daylights (or false sense of security) to a user who do not fully understand what is being tested and how and what is the purpose of a specific test. All that red "FAILED!!!" stamp marks and hype about being "invisible" on net are bull. "If you don't get green lights, you are doomed". Tell me about it...:rolleyes:

    A proper test should be deprived of any comments (passed-failed) and serve just as an objective reference. A user should make his own conclusions. If he cannot, than the test is not for him, and some reading/learning should preceed reruns of the test.
    I understand that many does not have enough knowledge to interpret tests properly, but as I see it, the quick answers, the green-red concepts, the "one button" solutions, call them what you like, are actually counterproductive to security. They does not encourage learning, and there is no security without it. No software, no matter which test it passes, can make up for that.
     
  9. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    From what I have learned over the years, the only advantage of a
    software firewall contained in a circuit box that is remote from the
    PC (known as a "hardware firewall"), is that it is more difficult
    for malware located on the PC to attack the firewall directly.
    On the other hand, a good inbound firewall residing on a user's
    PC, is generally more easily configured to local needs than a
    "hardware" firewall, in my limited experience.

    In either case, if the filtering software is inherently well designed,
    both will do an equally effective job, if properly configured.
     
  10. wat0114

    wat0114 Guest

    The other advantage to a router for inbound traffic is it handles and processes all the Internet "noise" (port scans, ARP requests and other crap) that a software firewall would otherwise have to handle. If logging is enabled - as it most often is and should be - on the software firewall when not sitting behind a router, it can consume tremendous resources, taxing the computer in the process. A router handles all this crap, taking the load off the pc. Obviously in this situation the software fw is useful for outbound filtering only.

    Here is some evidence of Internet noise that my router handles. This is only ARP traffic.
     
    Last edited by a moderator: Mar 24, 2008
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Not with UPnP enabled.
     
  12. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Note my use of the phrase "...if properly configured"
    UPnP is disabled on my router.:D :D
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    And that's the problem with routers being promoted as "plug and forget" security devices. Most routers have lousy default settings and aren't properly configured (Wi-Fi options, default password, UPnP, remote access, etc)
    "Autopilot" security doesn't (and probably won't) exist.
     
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,270
    Location:
    England
    Dalesman,

    Just to let you know that I am also with Tiscali and have the speedtouch 301.0.0.12 modem. I have no problems using Online Armor (for a year now) and being fully protected.

    Hope this helps.
     
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    If you've kept up with your Windows Update since Dec 2001..which would include the UPnP security patch, UPnP isn't anything to lose sleep over.
     
  16. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Somebody got to learn sometimes,until i learned that a NAT[network address translation] is only for inbound protection,your NAT does nothing against outbound connections,its something like windows firewall.

    Gibson declare everything stealted if you'r behind a Natrouter,and that is the purpose of NAT anyway[completely protecting your network] or making invisible.
    if you'r concerned about outbound,then a good HIP or softwarefirewall with inbuild HIP [OA] is a choice.
     
Loading...
Thread Status:
Not open for further replies.